TY - GEN
T1 - How good are humans at solving CAPTCHAs? A large scale evaluation
AU - Bursztein, Elie
AU - Bethard, Steven
AU - Fabry, Celine
AU - Mitchell, John C.
AU - Jurafsky, Dan
PY - 2010
Y1 - 2010
N2 - Captchas are designed to be easy for humans but hard for machines. However, most recent research has focused only on making them hard for machines. In this paper, we present what is, to the best of our knowledge, the first large-scale evaluation of captchas from the human perspective, with the goal of assessing how much friction captchas present to the average user. For the purpose of this study, we asked workers from Amazon's Mechanical Turk and an underground captcha-breaking service to solve more than 318,000 captchas issued from the 21 most popular captcha schemes (13 image schemes and 8 audio schemes). Analysis of the resulting data reveals that captchas are often difficult for humans, with audio captchas being particularly problematic. We also find some demographic trends indicating, for example, that non-native speakers of English are slower in general and less accurate on English-centric captcha schemes. Evidence from a week's worth of eBay captchas (14,000,000 samples) suggests that the solving accuracies found in our study are close to real-world values, and that improving audio captchas should become a priority, as nearly 1% of all captchas are delivered as audio rather than images. Finally, our study also reveals that it is more effective for an attacker to use Mechanical Turk to solve captchas than an underground service.
AB - Captchas are designed to be easy for humans but hard for machines. However, most recent research has focused only on making them hard for machines. In this paper, we present what is, to the best of our knowledge, the first large-scale evaluation of captchas from the human perspective, with the goal of assessing how much friction captchas present to the average user. For the purpose of this study, we asked workers from Amazon's Mechanical Turk and an underground captcha-breaking service to solve more than 318,000 captchas issued from the 21 most popular captcha schemes (13 image schemes and 8 audio schemes). Analysis of the resulting data reveals that captchas are often difficult for humans, with audio captchas being particularly problematic. We also find some demographic trends indicating, for example, that non-native speakers of English are slower in general and less accurate on English-centric captcha schemes. Evidence from a week's worth of eBay captchas (14,000,000 samples) suggests that the solving accuracies found in our study are close to real-world values, and that improving audio captchas should become a priority, as nearly 1% of all captchas are delivered as audio rather than images. Finally, our study also reveals that it is more effective for an attacker to use Mechanical Turk to solve captchas than an underground service.
UR - http://www.scopus.com/inward/record.url?scp=77955194191&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77955194191&partnerID=8YFLogxK
U2 - 10.1109/SP.2010.31
DO - 10.1109/SP.2010.31
M3 - Conference contribution
AN - SCOPUS:77955194191
SN - 9780769540351
T3 - Proceedings - IEEE Symposium on Security and Privacy
SP - 399
EP - 413
BT - 2010 IEEE Symposium on Security and Privacy, SP 2010 - Proceedings
T2 - 31st IEEE Symposium on Security and Privacy, SP 2010
Y2 - 16 May 2010 through 18 May 2010
ER -